b'                 Audit of the Department\xe2\x80\x99s Efforts in \n\n                       Identifying IRM KSAs \n\n\n\n\n\n                                   FINAL AUDIT REPORT \n\n                                     ED-OIG/A07-E0002 \n\n                                        August 2004 \n\n\n\n\n\nOur mission is to promote the efficiency,                 U.S. Department of Education\neffectiveness, and integrity of the                          Office of Inspector General\nDepartment\xe2\x80\x99s programs and operations.                      Kansas City, Missouri Office\n\x0c                                        NOTICE \n\n            Statements that managerial practices need improvements, as well as other \n\n                         conclusions and recommendations in this report \n\n          represent the opinions of the Office of Inspector General. Determinations of \n\ncorrective action to be taken will be made by the appropriate Department of Education officials. \n\n\n         In accordance with Freedom of Information Act (5 U.S. C. \xc2\xa7 552) reports \n\n                  issued by the Office of Inspector General are available to \n\n   members of the press and general public to the extent information contained therein is not \n\n                              subject to exemptions in the Act. \n\n\x0c                           UNITED STATES DEPARTMENT OF EDUCATION\n                                            OFFICE OF INSPECTOR GENERAL\n\n\n\n\n                                                        AUG 2 02004\nMEMORANDUM\n\n\nTO: \t             William J. Leidinger,\n                  Assistant SecretarY for Management and Chief Information Officer\n\nFROM: \t           Helen Lew        Itt /-tt- ~\n                  Ass istant Inspector General for Audit\n\nSUBJECT: \t        Final Audit Report - Audit ofthe Department\'s Efforts in Identifying IRM KSA s\n                  COl/trol No. ED-O/G/A07-E0002\n\nAttached is the subject final audit report that covers the results of our review of the Department \' s efforts\nin identifying Information Resource Management (JRM) knowledge, skills, and abilities (KSAs) in\naccordance with the Clinger-Cohen Act. An electronic copy has been provided to your Audit Liaison\nOfficer. We received your comments concurring with the finding and recommendations in our draft\nreport.\n\nCorrective actions proposed (resolution phase) and implemented (closure phase) by your office will be\nmonitored and tracked through the Department\' s Audit Accountability and Resolution Tracking System\n(AARTS). ED policy requires that you develop a final corrective action plan (CAP) for our review in the\nautomated system within 30 days of the issuance of this report. The CAP should set forth the specific\naction items, and targeted completion dates, necessary to implement final corrective actions on the findin g\nand recommendations contained in this final audit report.\n\nIn accordance with the Inspector General Act of 1978, as amended, the Office of Inspector General is\nrequired to report to Congress twi ce a year on the audits that remain unresolved after six months from the\ndate of issuance.\n\nIn accordance with the Freedom of Information Act (5 U.S.C. \xc2\xa7552), reports issued by the Office of\nInspector General are available to members of the press and general public to the extent information\ncontained therein is not subj ect to exemptions in the Act.\n\nWe appreciate the cooperation given us during this review. If you have any questions, please call Richard\nJ. Dowd, Regional Inspector General for Audit, at 312-886-6503.\n\n\nEnclosure\n\n\n\n\n                               600 INDEPENDENCE AVE .. S.W. WASH INGTON. D.C. 20202-1510\n\n        Our mission Is 10 ensure equal access   to   education and to promoLe edltCalional excellence throughout the Nation.\n\x0c     Audit of the Department\xe2\x80\x99s Efforts in Identifying IRM KSAs\n\n\n\n                                   Table of Contents \n\n\n\nExecutive Summary \xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa61 \n\n\nAudit Results \xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6...\xe2\x80\xa6..\xe2\x80\xa6..2 \n\n\n      Finding - The Department May not be in Full Compliance With the Clinger-Cohen Act \n\n      Requirements for Developing IRM KSAs .\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6...\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6.\xe2\x80\xa6.\xe2\x80\xa6....2 \n\n\nBackground \xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6.\xe2\x80\xa65 \n\n\nObjectives, Scope, and Methodology\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6..6 \n\n\nStatement on Management Controls \xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6...7 \n\n\nAppendix I \xe2\x80\x93 Clinger-Cohen Core Competencies\n\n\nAppendix II \xe2\x80\x93 Auditee Comments \n\n\n\n\n\n                                    ED-OIG/AO7-E0002 \n\n\x0c           Audit of the Department\xe2\x80\x99s Efforts in Identifying IRM KSAs \n\n\n                                         Executive Summary \n\n\nThe Department of Education (Department) has made progress in complying with the Clinger-\nCohen Act1 requirements for obtaining KSAs necessary to effectively perform IRM functions\nthrough limited workforce planning efforts. However, it did not use a systematic process in\nevaluating knowledge, skills, and abilities (KSAs); nor did it address the KSA requirements for all\nIRM staff. Without having identified the needed KSAs for all IRM staff, the Department was not\nable to develop a comprehensive strategy to eliminate deficiencies between needed and actual\nKSAs. As such, the Department\xe2\x80\x99s information resources management (IRM) may lack the basic\nKSAs needed to effectively manage information technology (IT) resources and investments; and to\naccomplish its goals. We recommend that the Department 1) use a systematic process such as the\nestablished core competencies in addressing the Clinger-Cohen requirements related to KSAs for\nIRM; and 2) ensure that skill assessments for the Office of the Chief Information Officer (OCIO) are\ntied to the IRM goals included in the Department\xe2\x80\x99s overall strategic plan.\n\nWe reviewed the Department\xe2\x80\x99s efforts to comply with the Clinger-Cohen Act requirements for\nobtaining KSAs necessary to effectively perform IRM functions. The objectives of our review were\nto determine the Department\xe2\x80\x99s progress in 1) identifying the KSAs needed for IRM; 2) developing a\nstrategy to eliminate deficiencies between needed and actual KSAs; and 3) reporting progress made\nin improving IRM capability.\n\nThe Act requires federal agencies to determine the KSAs required for agency personnel in IRM and\nidentify the current IRM staff qualifications; develop a strategy for narrowing the gap between the\nrequired KSAs and those of the current IRM staff; and report progress made in improving IRM\ncapability. The Act also requires the Chief Information Officer (CIO) to assess the KSA requirements\nestablished for IRM personnel and ensure that those requirements link to IRM performance goals.\n\nTo assist federal agencies in complying with the requirements for assessing the IRM KSAs, the CIO\nCouncil developed the Clinger-Cohen Core Competencies to serve as a baseline for assessing KSAs.\nThe established core competencies provide a systematic process and are endorsed by federal\nagencies. The Department did not use them in its KSA assessments for the OCIO workforce; nor\nhas it used them in assessing whether the current requirements for its IRM workforce will enable it\nto meet its IRM performance goals. The Department also has not provided evidence that it used any\nspecific guidance, criteria, or systematic process in its workforce planning efforts or that the future\nrequirements for the IRM area have been coordinated with the Department\xe2\x80\x99s overall strategic plan.\n\nOCIO concurred with our finding and recommendations. In addition, based on the Department\xe2\x80\x99s\nresponse that it is no longer considering a merger of OCIO with the Office of Management (OM), we\neliminated the discussion of our concern about the Department\xe2\x80\x99s ability to maintain compliance with\nthe Act given its plans to merge those two offices.\n\n1\n Previously referred to as the Information Technology Management Reform Act of 1996, Division E of Public Law\n104-106, 110 Stat. 679 (1996).\n\nED-OIG                                        A07-E0002                                                   Page 1\n\x0c          Audit of the Department\xe2\x80\x99s Efforts in Identifying IRM KSAs \n\n\n\nFinding \xe2\x80\x93 The Department may not be Effectively Managing its IT Resources and\n              Accomplishing Department Goals in Compliance With the Clinger-Cohen Act\n\n\n\n\nThe Department\xe2\x80\x99s workforce planning efforts have been limited \xe2\x80\x93 directed at identifying a strategy\nfor replacing staff expected to retire in the next five years. However, the Department\xe2\x80\x99s planning\nefforts did not address the KSAs required for the remaining IRM staff. Further, the Department has\nnot provided evidence that it used any specific guidance, criteria, or systematic process in its limited\nworkforce planning efforts or that the future requirements for the IRM area are consistent with the\nDepartment\xe2\x80\x99s overall strategic plan. Without having identified the needed KSAs for all IRM staff,\nthe Department was not able to develop a comprehensive strategy to eliminate deficiencies between\nneeded and actual KSAs. Consequently, the Department may not be effectively managing its IT\nresources and accomplishing Department goals and, as a result, may not be in full compliance with\nClinger-Cohen Act requirements.\n\nThe Clinger-Cohen Act requires federal agencies to determine the KSAs required for agency\npersonnel in IRM and identify the current IRM staff qualifications; develop a gap analysis and\nstrategy for eliminating differences between the required KSAs and those of the current IRM staff;\nand report progress made in improving IRM capability. The Act also requires the CIO to assess the\nKSA requirements established for agency personnel in IRM and the adequacy of these requirements\nfor meeting IRM performance goals.\n\nSpecifically, the Clinger-Cohen Act (\xc2\xa7 5125(c)(3)) states that the CIO of an agency shall\n       annually, as part of the strategic planning and performance evaluation process\xe2\x80\xa6\n         (A) assess the requirements established for agency personnel regarding\n       knowledge and skill in information resources management and the adequacy of\n       such requirements for facilitating the achievement of the performance goals\n       established for information resources management;\n         (B) assess the extent to which the positions and personnel at the executive level\n       of the agency and the positions and personnel at management level of the agency\n       below the executive level meet those requirements;\n         (C) in order to rectify any deficiency in meeting those requirements, develop\n       strategies and specific plans for hiring, training, and professional development; and\n         (D) report to the head of the agency on the progress made in improving \n\n       information resources management capability. \n\n\nTo assist federal agencies in complying with the requirements for assessing the IRM KSAs, the CIO\nCouncil developed the Clinger-Cohen Core Competencies to serve as a baseline for assessing KSAs.\nAlthough the core competencies give agencies a great deal of latitude in KSA assessments, they\n\nED-OIG                                     A07-E0002                                             Page 2\n\x0cprovide a systematic process for deliberations in developing a set of KSAs needed in the IRM area.\nAccording to the CIO Council, using the core competencies allows CIOs to assess KSA\nrequirements in compliance with the Clinger-Cohen Act. These core competencies have been\nendorsed by government agencies as members of the CIO Council, including the Office of\nManagement and Budget (OMB), the U.S. General Accounting Office (GAO), and the Office of\nPersonnel Management (OPM); and are used at the CIO University for training IRM personnel in\nfederal agencies.\n\nIn addition to the Clinger-Cohen requirements, the President\xe2\x80\x99s Management Agenda includes\nrequirements, under the Human Capital initiative, to assess knowledge and skills for staff. It\nrequires agencies to assess the KSA requirements for personnel and determine their adequacy in\nachieving the performance goals established for agencies. According to GAO, the most important\nconsideration in identifying skills and competencies is clearly linking them to an agency\xe2\x80\x99s mission\nand long-term goals. GAO stated that if an agency identifies staff needs without linking those needs\nto strategic goals, the needs assessment might be incomplete and premature.\n\nThe Department completed limited workforce-planning efforts, including planning for the IT\nworkforce, and reported the results of its efforts in a Recruitment Plan. The Department\xe2\x80\x99s efforts\nfocused on positions where possible retirements in the next five years could leave vacancies. The\nspecific analyses performed included retirement eligibility, succession planning with a focus on\nsupervisory and managerial positions, and an inventory of the skills and competencies needed by the\nworkforce to successfully accomplish the Department\xe2\x80\x99s mission. Although the Department\xe2\x80\x99s plan\nidentified a strategy for replacing staff expected to retire in the next five years, it did not evaluate the\nKSA needs for all IRM staff. Consequently, the Department\xe2\x80\x99s recruitment plan may not accurately\nreflect its needs and any actions taken by the Principal Offices may not meet the needs of both\ncurrent and future workforce.\n\nThe Recruitment Plan stated that each Principal Office within the Department completed both a\nskills assessment and a skills gap analysis. However, without identifying the KSA needs for all\nIRM staff, the Department could not develop a comprehensive strategy to eliminate deficiencies\nbetween needed and actual KSAs. In addition, although the Department\xe2\x80\x99s Recruitment Plan\nidentified the most critical positions within OCIO, OCIO provided no evidence that it performed\nany kind of assessment of the actual position requirements, including an assessment of whether\nthose requirements assisted in meeting the IRM goals within the Department\'s Strategic Plan.\n\nOCIO\xe2\x80\x99s assessment focused on how it would fill positions that might become vacant over the next\nfive years due to employees retiring. OCIO developed a plan for closing the gap in KSAs created\nthrough expected, future retirements. The plan provided possible approaches for backfilling\npositions, including 1) whether qualified individuals exist in OCIO who could step into vacated\npositions; and 2) recruitment strategies for filling vacated positions through identifying employees\nelsewhere in the Department or through recruitment actions. Because the Recruitment Plan focused\nonly on retirement planning, it did not address the KSAs required for the remaining IRM staff. As\nsuch, the Department\xe2\x80\x99s workforce planning efforts, to date, have been limited and do not fully\ncomply with the Clinger-Cohen requirements for assessing IRM KSAs.\n\nThe Department\xe2\x80\x99s E-Government report to OMB provided information from the Department\xe2\x80\x99s\nRecruitment Plan. The Department also reported that it had developed specific training curriculum\n\nED-OIG                                      A07-E0002                                                Page 3\n\x0cto address identified deficiencies in the information security area; it would ensure that IT Project\nManagers have the skills necessary; and it would be tracking certifications of all IT Project\nManagers in the future. In addition, the report stated that the Department has developed a\ncompetency self-assessment tool that will assist in identifying individual competency development\nneeds in the current workforce. This tool, known as the Employee Skills Inventory System (ESIS),\nis a voluntary, web-based electronic self-assessment tool that employees can use to identify\ncompetencies related to their jobs and assess their skills based on the competencies. Its E-\nGovernment report indicates the Department\xe2\x80\x99s willingness to address identified deficiencies. The\nDepartment\xe2\x80\x99s reported actions are in various stages of implementation, however, the effective\nimplementation of all or any combination of the reported actions would not change our report\nfindings.\n\nAccording to the CIO Council, performing effectively in the established competency areas and\npossessing the knowledge, skills, and abilities under each competency area assists agencies in\ncomplying with KSA requirements in the Clinger-Cohen Act. Failure to use a systematic approach\nsuch as the established core competencies could result in the Department\xe2\x80\x99s failure to comply with\nthe Act\xe2\x80\x99s requirements. More specifically, because it did not assess its entire IRM workforce\nagainst established competencies, the Department may not have effectively determined where\nimportant skill gaps are and how to efficiently and effectively address those gaps. As a result, the\nDepartment\xe2\x80\x99s information resource management may not have the basic core competencies or KSAs\nneeded to effectively manage IT resources and investments. In addition, without a workforce plan\nthat delineates the relationship between KSA requirements and the Department\xe2\x80\x99s IRM goals, the\nDepartment could have difficulty identifying current and future KSAs needed to accomplish its\ngoals.\n\nRecommendations\n\nWe recommend that the Assistant Secretary, Office of Management and Chief Information Officer\n\n1. \t Use a systematic process such as the established core competencies in addressing the Clinger-\n     Cohen Act requirements related to KSAs for all IRM staff;\n\n2. \t Develop a comprehensive strategy to eliminate deficiencies between needed and actual KSAs;\n     and\n\n3.\t Ensure that skill assessments for OCIO are tied to the IRM performance goals included in the\n    Department\xe2\x80\x99s overall strategic plan.\n\n\nThe Department\xe2\x80\x99s Comments and OIG Response\n\nOCIO concurred with our finding and recommendations and provided a corrective action plan.\nBased on the Department\xe2\x80\x99s response that it is no longer considering a merger of OCIO with the\nOffice of Management (OM), we eliminated the discussion of our concern about the Department\xe2\x80\x99s\nability to maintain compliance with the Act given its plans to merge those two offices.\n\n\n\nED-OIG                                   A07-E0002 \t                                           Page 4\n\x0c          Audit of the Department\xe2\x80\x99s Efforts in Identifying IRM KSAs \n\n\n\n                                          Background \n\n\nThe Clinger-Cohen Act was enacted to address longstanding problems related to federal IT\nmanagement. Among other things, it requires federal agencies to\n\n\xe2\x80\xa2 \t Determine the KSAs required for agency personnel in IRM;\n\n\xe2\x80\xa2 \t Determine the extent positions and personnel at executive and management level meet those\n    requirements;\n\n\xe2\x80\xa2 \t Develop strategies for narrowing the gap between the required KSAs and those of the current\n    IRM staff, including specific plans for hiring, training, and professional development for any\n    identified deficiency; and\n\n\xe2\x80\xa2 \t Report progress made in improving IRM capability.\n\nOMB, GAO, and OPM provide guidance for implementing the Clinger-Cohen Act, including\nrequirements for obtaining and retaining the necessary KSA\xe2\x80\x99s for IRM. This guidance defines what\nan agency would need to accomplish in order to comply with the Act. In addition, the CIO Council\ndeveloped a set of core competencies to assist agencies in complying with the Clinger-Cohen Act\xe2\x80\x99s\nrequirements for assessing KSAs in the IRM area. The established core competencies are organized\ninto12 areas with detailed core competencies or KSAs under each area. These areas include\nLeadership/Managerial, Project/Program Management, Information Resources Strategy and\nPlanning, Enterprise Architecture, Capital Planning and Investment Assessment, and IT\nsecurity/information assurance. For a complete list of the 12 areas and the core competencies\nassociated with each see the Appendix.\n\n\n\n\nED-OIG                                    A07-E0002 \t                                          Page 5\n\x0c          Audit of the Department\xe2\x80\x99s Efforts in Identifying IRM KSAs \n\n\n\n                         Objectives, Scope, and Methodology \n\n\nThe objectives of our audit were to determine the Department\xe2\x80\x99s progress in 1) identifying the KSAs\nneeded for IRM; 2) developing a strategy to eliminate deficiencies between needed and actual\nKSAs; and 3) reporting progress made in improving IRM capability. We did not assess the KSAs\nfor OCIO organizationally nor did we assess KSAs of individuals within the Department\xe2\x80\x99s IRM\narea.\n\nTo accomplish our objective, we reviewed applicable policies and procedures, as well as laws,\nregulations, and agency guidelines. We interviewed officials in the CIO\xe2\x80\x99s office, including the CIO,\nto obtain information on the Department\xe2\x80\x99s goals, strategies, and staffing plans. We obtained and\nreviewed the Department\xe2\x80\x99s strategic plan, including the IRM section on strategic planning and\nworkforce analyses; and strategic program planning documents, including the plan that guided\nstaffing and the annual staffing plan. To meet our objectives, we did not use electronic data from\nthe Department.\n\nTo assist in assessing the Department\xe2\x80\x99s efforts, we reviewed GAO reports on human capital and\nworkforce planning at other federal agencies. We also reviewed human capital literature-including\nOPM\xe2\x80\x99s Human Capital Assessment and Accountability Framework as well as workforce planning\nmodels at OPM, OMB, and GAO.\n\nWe conducted work at the Department\xe2\x80\x99s CIO offices in Washington, D.C. and our OIG office in\nKansas City, MO, during the period October 2003 to April 2004. We held an exit conference with\nDepartment officials on June 15, 2004. Our audit was performed in accordance with generally\naccepted government auditing standards appropriate to the scope of the review.\n\n\n\n\nED-OIG                                   A07-E0002                                            Page 6\n\x0c          Audit of the Department\xe2\x80\x99s Efforts in Identifying IRM KSAs \n\n\n\n                         Statement on Management Controls \n\n\nAs part of our review, we gained an understanding of the Department\xe2\x80\x99s management control\nstructure applicable to the scope of the review. For purposes of this review, we assessed and\nclassified the significant management controls related to the Department\xe2\x80\x99s IT efforts into the\nplanning and assessment activities over the Department\xe2\x80\x99s IRM capabilities. The assessment also\nincluded a determination of whether the processes used by the Department provided a reasonable\nlevel of assurance of compliance with the Clinger-Cohen Act.\n\nBecause of inherent limitations, and the limited nature of our review, a study and evaluation made\nfor the limited purpose described above would not necessarily disclose material weaknesses in the\nmanagement control structure. However, our assessment identified a weakness in the Department\xe2\x80\x99s\nefforts to identify the KSAs needed for its IRM as set out in the Findings section of this report.\n\n\n\n\nED-OIG                                  A07-E0002                                           Page 7\n\x0c        Audit of the Department\xe2\x80\x99s Efforts in Identifying IRM KSAs\n\n\n\nAppendix I -- Clinger-Cohen Core Competencies                         (Revised June 2003)\n\n\nThe Clinger-Cohen Core Competencies, developed by the CIO Council, have been endorsed to\nserve as a baseline to assist government agencies in complying with Section 5125(C)(3) of the\nClinger-Cohen Act. To perform effectively in each competency area below, an organization should\npossess the knowledge, skills, and abilities in each competency.\n\n1.0 Policy and Organizational\n   1.1 Department/Agency missions, organization, functions, policies, procedures\n   1.2 Governing laws and regulations (e.g., the Clinger-Cohen Act, E-Government Act, GPRA,\n       PRA, GPEA, OMB Circulars A-11 and A-130, PDD 63)\n   1.3 Federal government decision-making, policy making process and budget formulation and\n       execution process\n   1.4 Linkages and interrelationships among Agency Heads, COO, CIO, and CFO functions\n   1.5 Intergovernmental programs, policies, and processes\n   1.6 Privacy and security\n   1.7 Information management\n\n2.0 Leadership/Managerial\n   2.1 Defining roles, skill sets, and responsibilities of Senior Officials, CIO staff and stakeholders\n   2.2 Methods for building federal IT management and technical staff expertise\n   2.3 Competency testing - standards, certification, and performance assessment\n   2.4 Partnership/team-building techniques\n   2.5 Personnel performance management techniques\n   2.6 Principles and practices of knowledge management\n   2.7 Practices which attract and retain qualified IT personnel\n\n3.0 Process/Change Management\n   3.1 Techniques/models of organizational development and change\n   3.2 Techniques and models of process management and control\n   3.3 Modeling and simulation tools and methods\n   3.4 Quality improvement models and methods\n   3.5 Business process redesign/reengineering models and methods\n\n4.0 Information Resources Strategy and Planning\n   4.1 IT baseline assessment analysis\n   4.2 Interdepartmental, inter-agency IT functional analysis\n   4.3 IT planning methodologies\n   4.4 Contingency planning\n   4.5 Monitoring and evaluation methods and techniques\n\n\n\n\nED-OIG                                     A07-E0002                                              Page 1\n\x0c5.0 IT Performance Assessment: Models and Methods\n   5.1 GPRA and IT: Measuring the business value of IT, and customer satisfaction\n   5.2 Monitoring and measuring new system development: When and how to "pull the plug" on\n        systems\n   5.3 Measuring IT success: practical and impractical approaches\n   5.4 Processes and tools for creating, administering, and analyzing survey questionnaires\n   5.5 Techniques for defining and selecting effective performance measures\n   5.6 Examples of, and criteria for, performance evaluation\n   5.7 Managing IT reviews and oversight processes\n\n6.0 Project/Program Management\n   6.1 Project scope/requirements management\n   6.2 Project integration management\n   6.3 Project time/cost/performance management\n   6.4 Project quality management\n   6.5 Project risk management\n   6.6 Project procurement management\n   6.7 System life cycle management\n   6.8 Software development\n\n7.0 Capital Planning and Investment Assessment\n   7.1 Best practices\n   7.2 Cost benefit, economic, and risk analysis\n   7.3 Risk management-models and methods\n   7.4 Weighing benefits of alternative IT investments\n   7.5 Capital investment analysis-models and methods\n   7.6 Business case analysis\n   7.7 Integrating performance with mission and budget process\n   7.8 Investment review process\n   7.9 Intergovernmental, Federal, State, and Local Projects\n\n8.0 Acquisition\n   8.1 Alternative functional approaches (necessity, government, IT) analysis\n   8.2 Alternative acquisition models\n   8.3 Streamlined acquisition methodologies\n   8.4 Post-award IT contract management models and methods, including past performance\n        evaluation\n   8.5 IT acquisition best practices\n\n9.0 E-Government/Electronic Business/Electronic Commerce\n   9.1 Strategic business issues & changes w/advent of E-Gov/EB/EC\n   9.2 Web development strategies\n   9.3 Industry standards and practices for communications\n   9.4 Channel issues (supply chains)\n   9.5 Dynamic pricing\n   9.6 Consumer/citizen information services\n   9.7 Social issues\n\nED-OIG                                  A07-E0002                                         Page 2\n\x0c10.0 IT security/information assurance\n   10.1 Fundamental principles and best practices in IA\n   10.2 Threats and vulnerabilities to IT systems\n   10.3 Legal and policy issues for management and end users\n   10.4 Sources for IT security assistance\n   10.5 Standard operating procedures for reacting to intrusions/misuse of federal IT systems\n\n11.0 Enterprise Architecture\n   11.1 Enterprise architecture functions and governance\n   11.2 Key enterprise architecture concepts\n   11.3 Enterprise architecture development and maintenance\n   11.4 Use of enterprise architecture in IT investment decision making\n   11.5 Interpretation of enterprise architecture models and artifacts\n   11.6 Data management\n   11.7 Performance measurement for enterprise architecture\n\n12.0 Technical\n   12.1 Emerging/developing technologies\n   12.2 Information delivery technology (internet, intranet, kiosks, etc.)\n   12.3 Desk Top Technology Tools\n\n Source: Chief Information Officers Council\n\n\n\n\nED-OIG                                    A07-E0002                                             Page 3\n\x0c     Appendix II \xe2\x80\x93 Auditee Comments on the Draft Report\n\n\n\n\nED-OIG                         A07-E0002 \n\n\x0c                          UNITED STATES DEPARTMENT OF EDUCATION\n\n                                                 OFFICE OF MANAGEMENT\n\n                                                                                                          ASSISTANT SECRETARY\n\n\n\n                                                     July 16, 2004\n\n\nTO:           Richard J. Dowd\n              Action Regional Inspector General for Audit\n              Office of Inspector Gene{\'X ./\n\nFROM:         William J. LeidingerW\\r\'-\'\n              Assistant Secretary for Management and Chief Information Officer\n\nSUBJECT:      DRAFT AUDIT REPORT - Audit ofthe Department\'s Efforts in Identifying IRM\n              KSAs Control No. ED-OIG/A07-E0002\n\nThank you for your draft audit report, Audit ofthe Department\'s Efforts in Identifying IRM \n\nKSAs, Control No. ED-OIG/A07-E0002 sent June 4,2004. The Office of the ChiefInformation \n\nOfficer (OCIO) concurs with the single finding, "The Department may not be effectively \n\nmanaging its IT resources and accomplishing Department goals in compliance with the Clinger\xc2\xad\n\nCohen Act." The following is our proposed corrective action to address the three \n\nrecommendations your office has provided related to this finding. \n\n\nRecommendation 1: Use a systematic process such as the established core competencies in \n\naddressing the Clinger Cohen Act requirements related to KSAs for all IRM staff. \n\nProposed Corrective Action: OCIO will work with the Office of Management Human \n\nResources Services (HRS) to use the Clinger-Cohen core competencies developed by the CIO \n\nCouncil, and included as an Appendix in your draft audit report, to expand the core competencies \n\nfor the IT Critical Occupation in Employee Skill Inventory System (ESIS). OCIO and HRS will \n\ndevelop and implement a strategy using ESIS to evaluate the actual and needed IT Knowledge, \n\nSkills and Abilities (KSAs) of Department staff based on these competencies. \n\n\nRecommendation 2: Develop a comprehensive strategy to eliminate deficiencies between \n\nneeded and actual KSAs. \n\nProposed Corrective Action: OCIO will work with HRS to develop a comprehensive strategy \n\nthat addresses IT KSAs for new hires and existing staff. HRS staff have begun meeting with all \n\nhiring managers prior to the posting of vacancies to strengthen the recruitment process. OCIO \n\nand HRS will review existing EdHlRES IT questions to ensure that the full range of desired \n\ncompetencies are included to further strengthen IT recruitments. The IT KSAs will continue to \n\nbe reviewed and emphasized when posting for IT positions. OCIO and HRS will develop \n\nlearning tracks associated with the core competencies for the IT Critical Occupation to address \n\nthe needed KSAs for existing staff. \n\n\n\n\n\n                                    400 MARYLAND AVE., S.W., WASHINGTON, D.C. 20202-4500\n                                                             www.ed.gov \n\n\n            Our mission is to ensure equal access to education and to promote educational excellence throughout the Nation. \n\n\x0cResponse to Draft Audit a/the Department\'s Efforts in IdentifYing IRM KSAs Control No. ED-OIG/A07-E0002\n\n\n\n\nRecommendation 3: Ensure that skill assessments for OCIO are tied to the IRM performance \n\ngoals included in the Department\'s overall strategic plan. \n\nProposed Corrective Action: OCIO will work with the Strategic Accountability Service to add \n\nIRM performance goals to the Department\'s overall strategic plan. \n\n\nYour draft audit report also included an "Other Matters" section that addressed a proposed \n\nreorganization ofOCIO that would merge it with the Office of Management. This proposed \n\nmerger is no longer being considered. Attached is the OCIO reorganization package that has \n\nreceived Department approval and is now being reviewed by the Union. The final proposal only \n\nincludes internal restructuring. \n\n\nPlease contact Nina Aten on my staff if you have any questions. Ms. Aten can be reached on \n\n202-401-5846. \n\n\nAttachment \n\n\n\n\n\n                                                Page 2 of2\n\x0c                                 UNITED STATES DEPARTMENT OF EDUCATION\n\n                                                      OFFICE OF MANAGEMENT\n\n\n\n\n                                                                    JUL - 9 2004\n\n\n\nMEMORANDUM\n\nTO:                 James Keenan, Director\n\n\nFROM:               ::~::::::5":t~\n                            C.CJ\xc2\xad\n                    Executive Office\n\nSUBJECT:            Reorganization of OCIO\n\nThe OM Executive Officer has approved the attached request to reorganize the Office of the\nChief Information Officer.\n\nPlease arrange to notify the Union of this action if you believe that they should be notified. Your\ncontact is Michell Clark who can be reached on (202) 260-7337. \n\n\nPlease let me know when and ifthe Union consultative meetings are scheduled. \n\n\nAttachments \n\n\n\n\ncc: Michell Clark\n\n\n\n\n                                400 MARYLAND AVE.,     s.w., WASHINGTON, D.C. 20202-4500\n                                                       www.ed.gov\n      Our mission is to ensure equal access to education and to promote educational excellence throughout the Nation.\n\x0cJ\n\n\n\n\n                           UNITED STATES DEPARTMENT OF EDUCATION\n\n                                      OFFICE OF THE CHIEF INFORMATION OFFICER\n\n                                                                                             THE CHIEF INFORMATION OFFICER\n\n\n\n                                                                                                      June 16,2004\n\n    MEMORANDUM\n\n    To:        Keith Berger, Executive Officer\n\n    From:      William J. Leidinger           W~\n    Subject: Necessary Organizational Changes for the Office of the Chief\n             Information Officer\n\n    This memorandum requests approval of a reorganization of the Office of Chief\n    Information Officer (OCIO). This reorganization is intended to enhance OCIO\'s ability\n    to serve the Department while better aligning the structure of the OCIO with the busihess\n    needs of the Department. In addition, the reorganization establishes direct responsibility\n    for those areas that require coordination on IT assets, policies and functions across the\n    Department. The resulting OCIO organization will achieve these purposes:\n\n          .,,; \t Better enables the accomplishment of the CIO responsibilities as outlined in the\n                 Government Information Security Reform Act (GISRA) and the Federal\n                 Information Sec\'urity Management Act (FISMA) .\n\n          .,,; \t Aligns and prioritizes the information technology security policies, procedures\n                 and control functions under the CIO that are vested in the ChiefInformation\n                 Security Officer (CISO) .\n\n          .,,; \t Aligns the CISO directly under the CIO as required under GISRA and FISMA.\n\n          .,,; \t Provides a central focus for training and overseeing personnel with significant\n                 information technology security responsibilities .\n\n          .,,; \t Enhances the coordination and execution of the critical infrastructure protection\n                 responsibilities vested in the Department\'s Critical Infrastructure Officer (CIAO)\n                 as required in Presidential Decision Directive (PDD) 63. PDD 63 provides a\n                 framework for protecting critical infrastructure, which is generally referred to as\n                 those physical and cyber based systems essential to the minimum operations of\n                 the economy and government. The directive requires every department and\n                 agency to appoint a CIO who shall be responsible for the protection of its critical\n                 infrastructure.\n\n\n\n\n                                      400 MARYLAND AVE., S.W., WASHINGTON, D.C. 20202-4580\n                                                               www.ed.gov\n\n              Our mission is to ensure equal access to education and to promote educational excellence throughou.t the Nation.\n\x0cKeith Berger - Page 2\n\nThe specific changes proposed are as follows:\n\n   \xe2\x80\xa2 \t Move the Development Services Group from Information Management to\n       Information Technology Operations and Maintenance Services. This will enable\n       the Development Services Group, which develops, maintains and updates the\n       department\'s web sites, to be part of, and integrated with, the group that it works\n       most closely with and which supports and operates the Department\'s web sites.\n\n   \xe2\x80\xa2 \t Move the information collection, FOIA, the Government Paperwork Elimination\n       Act and records management functions from Information Management to the new\n       Regulatory and Information Management Services. The performance\n       improvement of these functions is a high Department priority. These functions\n       will receive more focus and attention, and closer supervision and direction than\n       was possible when these functions were in Information Management.\n\n   \xe2\x80\xa2 \t Move the enterprise architecture, data architecture, system development life cycle\n       development process, and the business-technology interface functions from\n       Information Management to an Enterprise Architecture Team in the new Business\n       and Enterprise Integration Services.\n\n   \xe2\x80\xa2 \t Move the Investment Management Group from Information Management to the\n       new Business and Enterprise Integration Services.\n\n   \xe2\x80\xa2 \t The co-locating of Enterprise Architecture and Investment and Acquisition\n       Management as the components of Business and Enterprise Integration Services\n       will effectively link the knowledge of the Department\'s business with the\n       development and upgrading of the Department\'s enterprise architecture and its\'\n       ongoing IT investment planning and decision process.\n\n    \xe2\x80\xa2 \t Eliminate the Information Management Group.\n\n    \xe2\x80\xa2 \t Move the Information Assurance Group directly under the CIO. This will\n        strengthen the Department\'s adherence to the requirements outlined in Clinger\xc2\xad\n        Cohen as well as full integration and coordination of all security and critical\n        infrastructure protection functions.\n\n    The OM Executive Office will formally service the Office of the ChiefInformation\n    Officer. It has been doing so by agreement with the Chief Information Officer for the\n    past year. The staffing of the Executive Office is unchanged and is not included in\n    the staffing patterns.\n\x0cKeith Berger - Page 3\n\nAlthough there will be necessary personnel moves because of movement of functions, we\nare committed to assuring that there will be no adverse personnel impact on any OM or\nOCIO employees as a result of this reorganization.\n\nWe will work with The Department\'s Delegations Control Officer to develop any\nnecessary changes to existing delegations of authority that will be affected the\nreorganization.\n\nAttachments:\n\nTab A:   Current Organization Chart\nTab B:   Proposed Organization Chart\nTab C:   Current Functional Statements\nTab D:    Proposed Functional Statements\nTab E:    Current Staffing Pattern for Affected Units\nTab F:    Proposed Staffing Pattern for Affected Units\n\x0c          TABB\n\nProposed Organization Chart\n\x0c                                       OFFICE OF \n\n                                       THE CHIEF \n\n                                  INFORMATION OFFICER \n\n                                        PRINCIPAL DEPUTY \n\n                                       CHIEF INFORMATION \n\n                                            OFFICER \n\n\n\n                                                             DEPUTY CHIEF \n\n                                                         INFORMATION OFFICER! \n\n                                                   -\n      CHIEF TECHNOLOGY \n\n                                                                OFFICER \n\n\n\n\n\n            I                                                                                T                          1\n                                    INFORMATION TECHNOLOGY \n\n     BUSINESS AND \n                                                                     REGULATORY\n                                          OPERATIONS \n                                                        INFORMATION ASSURANCE\nENTERPRISE INTEGRATION \n                                                          INFORMATION MANAGEMENT\n                                        AND MAINTENANCE \n                                                            SERVICES\n       SERVICES \n                                                                        SERVICES\n                                            SERVICES \n\n\n\n\n\n   INVESTMENT \n\n AND ACQUISITION \n           PRODUCTION                     SECURITY AND            INFORMATION POLICY\n MANAGEMENT TEAM \n           MANAGEMENT       f-        RELIABILITY ASSURANCE         AND STANDARDS    I-\xc2\xad\n                                TEAM                             TEAM                      TEAM\n\n\n    ENTERPRISE \n\n   ARCHITECTURE \n                                          DEVELOPMENT               INFORMATION MGMT\n                           NETWORK SERVICES\n       TEAM                     TEAM\n                                              f-             SERVICES                  CASE SERVICES    f-\xc2\xad\n                                                               TEAM                        TEAM\n\n\n\n                               END USER                      ASSISTIVE\n                           SUPPORT SERVICES                 TECHNOLOGY\n                                 TEAM                          TEAM\n\n\n\n                                            PROJECT \n\n                                          MANAGEMENT \n\n                                             TEAM \n\n\x0c           TABD\n\nProposed Functional Statements\n\x0c                      OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\nSECTIONS \n\n\nI.     MISSION AND RESPONSIBILITIES\n\nII.    ORGANIZATION\n\nIII.   ORDER OF SUCCESSION\n\nIV.    FUNCTIONS AND RESPONSIBILITIES OF THE OFFICE OF THE CHIEF\n       INFORMATION OFFICER (OCIO) COMPONENTS\n\n       A. IMMEDIATE OFFICE OF THE CHIEF INFORMATION OFFICER\n\n       B. INFORMATION MANAGEMENT\n\n       C. INFORMATION TECHNOLOGY\n\n       D. ENTERPRISE STRATEGY AND INFORMATION ASSURANCE\n\nIV.    PRIMARY DELEGATIONS OF AUTHORITY\n\nI.     MISSION AND RESPONSIBILITIES\n\n       The mission of the Office of the ChiefInformation Officer (OCIO) is to provide advice\n       and assistance to the Secretary and other senior officers to ensure that information\n       technology is acquired and information resources are managed for the Department in a\n       manner that is consistent with the requirements of the Clinger-Cohen Act (40 U.S.C.\n       11315), the Paperwork Reduction Act of 1995 (44 U.S.C. chap. 35) and industry best\n       practices. The agency\'s Chief Information Officer is charged with implementing the\n       operative principles identified in the Act requiring the establishment of a management\n       framework to improve the planning and control of information technology investments\n       and leading change to improve the efficiency and effectiveness of agency operations.\n\n       The CIO reports directly to the Secretary and UnderSecretary and provides leadership\n       and direction to:\n\n       \xe2\x80\xa2       Develop, maintain, and facilitate the implementation of a sound and integrated\n               information technology enterprise architecture;\n\n       \xe2\x80\xa2       Promote the effective and efficient design and operation of major Departmental\n               information resource management processes and recommend, as appropriate,\n               improvements to agency business processes;\n\n           \xe2\x80\xa2   Manage agency information resources to improve the productivity, efficiency,\n               and effectiveness of Federal programs inclusive of information dissemination\n               initiatives and efforts to reduce information collection burdens;\n\n\n\nOCIOIIO - Page 1                                                 P,ROPOSED: 07114/04\n\x0c                OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n     \xe2\x80\xa2 \t Develop Information Technology (IT), Information Management (IM), and\n         Information Assurance (IA) requirements, completing costlbenefit analysis of\n         proposed solutions, managing projects in accordance with sound systems life\n         cycle management procedures and establishing performance standards and\n         measures to assess success of short and long term solutions;\n\n     \xe2\x80\xa2 \t Define and manage IT, 1M, and IA capital planning and investment management\n         processes to ensure that they are successfully implemented and integrated with the\n         Department\'s budget, acquisition and planning processes;\n\n      \xe2\x80\xa2 \t Develop and submit recommendations to the Investment Review Board (IRB) \n\n          regarding IT, 1M, IA capital investments to assure that investment decisions are \n\n          mission aligned, cost justified and approved only after careful and systematic \n\n          reVIew; \n\n\n     \xe2\x80\xa2 \t Monitor the performance of the agency\'s IT, 1M, and IA programs and\n         investments, evaluating them against performance and other applicable measures,\n         and advising the Secretary regarding their continuation, modification or\n         termination;\n\n      \xe2\x80\xa2 \t Assess IT, 1M, and IA competencies defined for agency personnel to ensure that\n          Departmental employees are technologically prepared to achieve the\n          Department\'s strategic goals;\n\n      \xe2\x80\xa2 \t Develop IT and 1M requirements, analyze the projected cost and benefits of \n\n          alternative IT and 1M solutions, and establish performance standards and \n\n          measures to assess short and long range solutions; \n\n\n      \xe2\x80\xa2 \t Administer the Department\'s information resource management program,\n          including records management, automated data processing activities, the\n          Paperwork Reduction Act, Government Paperwork Elimination Act, Freedom of\n          Information Act, Privacy Act, and the Information Quality Guidelines;\n\n      \xe2\x80\xa2 \t Manage the agency\'s IT Security Program for automated information systems,\n          developing agency-wide policy for the protection and control of information\n          resources directly or indirectly related to the activities of the Department;\n\n      \xe2\x80\xa2 \t Implement a Department-wide communications Internet/Intranet strategy;\n\n      \xe2\x80\xa2 \t Deploy and maintain all enterprise-wide information technology;\n\n      \xe2\x80\xa2 \t Develop recommendations and implement information technology solutions \n\n          designed to enhance and enable agency business processes; \n\n\n      \xe2\x80\xa2 \t Develop and provide technology standards to assure business alignment and \n\n          promote a viable enterprise technology framework; \n\n\n\n\noelOIIO - Page 2 \t                                            PROPOSED: 07/14/04\n\x0c                   OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n       \xe2\x80\xa2 \t Provide administrative and technical support to the agency\'s Data Integrity Board and\n           monitor the Department\'s compliance with the Computer Matching and Privacy\n           Protection Act.\n\nII.     ORGANIZATION\n\n        The Office of the Chief Information Officer (OCIO) is under the immediate supervision\n        of the Chief Information Officer (CIO). In carrying out the responsibilities of the\n        Department described in 44 U.S.C. 3506,40 U.S.C. 11315(b) and (c), and Executive\n        Order 13011, the ChiefInformation Officer reports directly to the Secretary and Under\n        Secretary.\n\nIII.    ORDER OF SUCCESSION\n\n       The Order of Succession for the Office of the Chief Information Officer is as follows:\n\n          Principal Deputy Chief Information Officer \n\n          Deputy Chief Information Officer/Chief Technology Officer \n\n          Director, Information Technology \n\n          Director, Information Management. \n\n\n\n\n\n OCIOIIO - Page 3 \t                                             PROPOSED: 07/14/04\n\x0c                  OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\nIV. FUNCTIONS AND RESPONSIBILITIES OF OCIO COMPONENTS\n\nA. THE CHIEF INFORMATION OFFICER\n\nThe Chief Information Officer (CIO) provides advice and other assistance to the Secretary and\n Under Secretary in information technology (IT) matters and other IT activities and functions\nas directed. The CIO is responsible for developing and maintaining a sound and integrated IT\narchitecture for the Department while also promoting the efficient design and operation of all\nmajor information resources processes for the agency. The CIO provides strategic leadership\nand executive direction to the office\'s organizational components to ensure successful\naccomplishment of the office\'s mission. The CIO manages the agency\'s relationship to Federal\nCIO Council Initiatives and coordinates Council activities throughout the Department.\n\nThe Principal Deputy Chief Information Officer ( PD CIO) serves as the alter ego for and\nsupports the CIO in IT matters and other activities and functions as directed. The PD CIO\nassists the CIO by providing day-to-day operational priorities, strategic leadership and\nexecutive direction to the Office\'s organizational components to ensure successful\naccomplishment of the Office\'s mission. The PD CIO performs administrative duties such as\nperformance evaluations for the Deputy CIO/CTO and other senior leadership within the\nOffice. The PD CIO provides advice to the Secretary, other Senior Officers and the CIO, and\npromotes the effective and efficient design and operation of all major information resources\nprocesses for the Department.\n\nThe Deputy Chief Information Officer/Chief Technology Officer (CTO) assists the CIO in the\ndevelopment of standards, guidelines, and policies to transform current ED data collection and\ninformation management processes. The CTO advises the ASM/CIO and PD CIO on new and\nemerging technologies in the areas of communication, information technology, and IT system\ndevelopment that may benefit the Department. The CTO supervises the operation of Business\nand Enterprise Integration Services.\n\nB. INFORMATION TECHNOLOGY OPERATIONS AND MAINTENANCE SERVICES\n\nInformation Technology Operations and Maintenance Services supports the CIO\'s efforts in all\nactivities related to network information enterprise, to include network security, network and\ntelecommunications design and operations, end user services, production server hosting services,\nand ED\'s intranet and Internet services as well as maintains and operates ED\'s disaster recovery\nfacility.\n\nThe Office is headed by a Director who reports to the Chief Information Officer. Information\nTechnology Operations and Maintenance Services is divided into the following seven teams:\n\n    \xe2\x80\xa2   Production Management Team;\n    \xe2\x80\xa2   Network Services Team;\n    \xe2\x80\xa2   End User Support Services Team;\n    \xe2\x80\xa2   Security and Reliability Assurance Team;\n\n\nOCIO - Page 1                                                     PROPOSED: 7/07/04\n\x0c                   OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n   \xe2\x80\xa2 \t Development Services Team.\n   \xe2\x80\xa2 \t Assistive Technology Team; and\n   \xe2\x80\xa2 \t Project Management Team\n\n\nProduction Management Team\n\nThe Production Management Team administers all servers that comprise EDNET which process\nall shared applications used throughout the Department.\n\nIn performing its responsibilities, the Team:\n\n\xe2\x80\xa2 \t Manages the daily operation and maintenance of all departmental servers that are hosted\n    within EDNet.\n\n\xe2\x80\xa2 \t Provides scheduled backups, upgrades, and maintenance of EDNet hosted servers.\n\n\xe2\x80\xa2 \t Coordinates the overall operation of the Department\'s IT infrastructure.\n\n\xe2\x80\xa2 \t Reccomends the Server Technology component of the enterprise architecture.\n\n\xe2\x80\xa2 \t Manages all mainframe, timesharing and related server services that offer cent~alized support\n    to users Department-wide, including the Department\'s network.\n\n\xe2\x80\xa2 \t Designs and maintains the Department messaging services that allows it to quickly\n    communicate with its employees, contractors, the citizenry, schools, municipalities, states,\n    and researchers.\n\nNetwork Services Team\n\nThe Network Services Team provides amd maintains the infrastructure that allows individual\nDepartmental end users to access shared applications that are hosted throughout the world from\ntheir local personal computers. Also, this Team maintains the telephone and video conferencing\nsystems.\n\nIn performing its responsibilities, the Team:\n\n\xe2\x80\xa2 \t Orders and implements telecommunications services including local, long distance and \n\n    dedicated services. \n\n\n\xe2\x80\xa2 \t Operates and maintains video telecommunications services for the Department.\n\n\xe2\x80\xa2 \t Administers the Network Control Center for the Department.\n\n\n\n\nOCIO - Page 2 \t                                                     PROPOSED: 7/07/04\n\x0c                   OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n\xe2\x80\xa2 \t Champions emerging collaborative technologies to make Department-wide users more\n    effective in dealing with their peers and customers.\n\n\xe2\x80\xa2 \t Provides an access path for all End Users to be able to use IT infrastructure down to\n    individual workstations, telephone handsets, IPTV displays, and video conferencing rooms.\n\n\xe2\x80\xa2 \t Manages the IT cabling plan.\n\nEnd User Support Services Team\n\nThe End User Support Services Team ensures that all departmental employees regardless of their\nlocations have appropriate access to the Department\'s services and that their personal computers\nwork properly.\n\nIn performing its responsibilities, the Team:\n\n\xe2\x80\xa2 \t Manages the Help Desk, which is the entry point for virtually all requests for IT services.\n\n\xe2\x80\xa2 \t Provides work station on-site support.\n\n\xe2\x80\xa2 \t Manages and provides operational support for all office automation activities throughout the\n    Department.\n\n\xe2\x80\xa2 \t Provides project management support for ED technology customers that are relocating\n    offices.\n\n\xe2\x80\xa2 \t Oversees installation and disposal of workstation equipment.\n\n\xe2\x80\xa2 \t Provides operations support and serves as a liaison in the field for the Secretary\'s Regional \n\n    Representatives (SRRs). \n\n\n\xe2\x80\xa2 \t Supports SRR implementation of agency-wide technology and applications solutions in the \n\n    regional offices and provides ongoing customer and technical support. \n\n\nSecurity and Reliability Assurance Team\n\nThe Security and Reliability Assurance Team protects the overall network from hostile attacks as\nwell as manages a disaster recovery facility for all of the Department\'s critical applications.\nAlso, the team ensures that all additions to hardware and sofware are adequately tested prior to\ntheir inclusion into EDNET.\n\nIn performing its responsibilities, the Team:\n\n\xe2\x80\xa2 \t Performs multi-tiered indepth defense against cyberterrorist attacks from viruses, worms, and\n    hackers.\n\nOCIO - Page 3 \t                                                      PROPOSED: 7/07/04\n\x0c                   OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n\n\xe2\x80\xa2 \t Ensures reliable execution of all hosted servers through executing a production promotion\n    process that test all updates to the production environment prior to implementation.\n\n\xe2\x80\xa2 \t Directs all activities related to the agency\'s alternate site for redundant systems as prescribed\n    by the Department\'s system Disaster Recover Plans and Continuity of Operations Plan.\n\n\xe2\x80\xa2 \t Provides facility management support to the agency\'s alternate data processing center.\n\n\xe2\x80\xa2 \t Maintains portal security.\n\n\xe2\x80\xa2 \t Tests and evaluates all EDNet equipment.\n\n\xe2\x80\xa2 \t Provides administrative support to the Change Control Review Board.\n\n\xe2\x80\xa2 \t Develops and enforces processes and procedures to ensure sound configuration control and\n    change management of EDNet and its tenant systems.\n\nDevelopment Services Team\n\nThe Development Services Team manages the web-based applications that support and enhance\nthe agency\'s on-line business processes and provide additional application development support\nacross the enterprise.\n\nIn performing its responsibilities, the Team:\n\n\xe2\x80\xa2 \t Develops and manages internet and intranet applications and coordinates the delivery of\n    appropriate training for Departmental users.\n\n\xe2\x80\xa2 \t Enhances education information dissemination, develop new information resources and\n    improve on-line business processes.\n\n\xe2\x80\xa2 \t Defines and explores opportunities for Government-to-Customer, Government-to-Business\n    and Government-to-School e-business initiatives and measures effectiveness of new\n    endeavors\n\n\xe2\x80\xa2 \t Maintains and operates ED\'s internet Web site, ed.gov.\n\n\xe2\x80\xa2 \t Maintains and operates ED\'s intranet Web site, connectED.\n\n\xe2\x80\xa2 \t Takes responsibility for putting content on the Web sites, including providing tools for \n\n    adding Web site content. \n\n\n\xe2\x80\xa2 \t Works with Principal Offices on developing new content and updating existing content on\n    the ed.gov and connectED Web sites.\n\n\nOCIO - Page 4 \t                                                       PROPOSED: 7/07/04\n\x0c                   OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n\nAssistive Technology Team\n\nThe Assistive Technology Team evaluates and tests software applications and hardware to\nensure compatibility with the legislative requirements of Section 508 of the Rehabilitation Act of\n1973 (29 USC 794d) and the agency\'s operating environment.\n\nIn performing its responsibilities, the Team:\n\n\xe2\x80\xa2 \t Assists program offices with the evaluation, testing and implementation of assistive\n    technology solutions for individuals with disabilities.\n\xe2\x80\xa2 \t Serves as liaison to schools and other federal agencies to facilitate the evaluation and\n    implementation of assistive technology solutions in the classroom and the workplace.\n\n\xe2\x80\xa2\t    Provides advice to program offices regarding section 508 requirements for grant\n     competitions.\n\nProject Management Team\n\nThe Project Management Team ensures that all IT operation\'s projects are professionally\nmanaged and that IT delivers on its commitments.\n\nIn performing its responsibilities, the Team:\n\n\xe2\x80\xa2 \t Provides a core of qualified project managers that executes the OCIO\'s formal project\n    management process in support of EDNET customers who require new solutions to be\n    developed.\n\n\xe2\x80\xa2 \t Performs technology assessment and analysis.\n\n\xe2\x80\xa2 \t Provides administrative support to the Technology Review Board.\n\n\xe2\x80\xa2 \t Defines IT design elements and develops and tests solutions for emerging customer \n\n    requirements. \n\n\nC. \t BUSINESS AND ENTERPRISE INTEGRATION SERVICES\n\nBusiness and Enterprise Integration Services (BEIS) provides leadership, oversight, and\ncoordination of the Department\'s effort to ensure that its Information Technology (IT)\ninvestments support ED\'s strategic plan and are business driven. In particular, this relates to the\nfollowing activities within the Department of Education:\n\n     \xe2\x80\xa2    Capital Planning and Investment Control (CPIC);\n     \xe2\x80\xa2\t   Enterprise Architecture development, usage and change management;\n     \xe2\x80\xa2\t   Enterprise Architecture product quality and compliance measurement;\n     \xe2\x80\xa2    Business Technology Interface;\n\n OCIO - Page 5 \t                                                    PROPOSED: 7/07/04\n\x0c-,\n\n                        OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n        \xe2\x80\xa2 \t Systems Development Life Cycle; and\n        \xe2\x80\xa2 \t IT Acquisition support.\n\n     BEIS is responsible for providing policies, standards, and procedures that ensure ED offices\n     comply with the Department\'s investment review process and enterprise architecture. In addition,\n     BEIS provides instruction to customers to help educate and support them in their investment\n     review and enterprise architecture efforts.\n\n     The Deputy CIO/CTO is responsible for leadership, policy guidance, quality control, and\n     coordination for Business & Enterprise Integration Services. The Deputy CIO/CTO also ensures\n     that the operations of BEIS are consistent with federal laws and directives as well as Department\n     standards, policies, and procedures. Furthermore, BEIS ensures that its operations are carried out\n     in an effective and efficient manner, and are customer-oriented.\n\n     BIES is comprised of two Teams:\n\n        \xe2\x80\xa2 \t Investment and Acquisition Management Team; and\n        \xe2\x80\xa2 \t Enterprise Architecture Team.\n\n     Investment and Acquisition Management Team\n\n     The Investment and Acquisition Management Team is responsible for developing and\n     implementing strategies and programs designed to enhance the Department\'s business case\n     preparation ahd capital investment management and planning. The Team is also responsible for\n     providing IT acquisition support to OCIO and the Department\n\n     In performing its responsibilities, the IT Investment Management Team:\n\n         \xe2\x80\xa2 \t Develops and submits recommendations to the Investment Review Board (IRB)\n             regarding IT investments (including projects, systems, IT workforce and initiatives)\n             to assure that investment decisions are mission aligned, cost justified and approved\n             only after careful and systematic review.\n\n         \xe2\x80\xa2 \t Defines and manages IT investment management processes through a long-range\n             planning and a disciplined budget decision making process to achieve performance\n             goals and objectives with minimal risk, lowest life-cycle costs and greatest benefits\n             for the agency. Ensures that the processes are successfully implemented and\n             integrated with the Department\'s budget, performance-based acquisition and planning\n             processes\n\n         \xe2\x80\xa2 \t Oversees business case preparation for IT activities and services.\n\n         \xe2\x80\xa2 \t Defines capital planning and investment policies and procedures so that the Department\n             can best manage its resources and can measure and evaluate the benefits of investment\n             decisions.\n\n\n\n     OCIO - Page 6 \t                                                     PROPOSED: 7/07/04\n\x0c                     OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n   \xe2\x80\xa2     Coordinates and supports investment decision processes across the agency that are\n         prescibed by the Clinger-Cohen Act of 1996.\n\n  \xe2\x80\xa2 \t Coordinates activities with the OCIO and across offices that link mission needs and \n\n      capital assets in an effective and efficient manner. \n\n\n   \xe2\x80\xa2 \t Develops and promotes Department-wide IT investment performance measures to assess\n       agency progress in meeting requirements under the Government Performance and Results\n       Act, the Information Technology Reform Act, and other relevant legislation.\n\n   \xe2\x80\xa2 \t Administers and provides oversight for procurement and contract management of IT\n       activities, and provides acquisition support to IT staff.\n\n   \xe2\x80\xa2 \t Facilitates Department IT acquisition activities and manages the office\'s relationships\n       with vendors and other OCIO contractors.\n\n   \xe2\x80\xa2 \t Manages Department-wide software and system licenses, including procurement, test,\n       and implementation phases.\n\nEnterprise Architecture Team\n\nThe Enterprise Architeture Team is responsible for capturing the description of how the\nDepartment does its business, and what information, data, and technology are required to\nsupport the business. Furthermore, the Enterprise Architeture Team is responsible for the\nDepartment\'s system development life cycle and the business technology interface. The\nTeam also includes Business Technology Advisors who provide direct coordination services\nbetween OCIO and the Principal Offices.\n\nIn performing its responsibilities, the Enterprise Architecture Team:\n\n   \xe2\x80\xa2 \t Develops, maintains, and facilitates the implementation of a sound and integrated IT\n       enterprise architecture.\n\n   \xe2\x80\xa2 \t Provides written organizational policy, for approval by the Executive Management Team\n       and the Investment Review Board, regarding the governance of the enterprise\n       architecture.\n\n       \xe2\x80\xa2 \t Uses the enterprise architecture to analyze IT solutions and ensure that they support the\n           business of the Department.\n\n       \xe2\x80\xa2 \t Leverages methodologies to eliminate redundancies, reduce cost, and manage change.\n\n       \xe2\x80\xa2 \t Provides Business Technology Interface support to document requirements for, analyze,\n           and justify each business case presented to the Investment Review Board.\n\n\n\n\nOCIO - Page 7 \t                                                        PROPOSED: 7/07/04\n\x0c                   OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n   \xe2\x80\xa2 \t Uses the enterprise architecture to analyze deliverables proposed by Principal Offices\n       to ensure the statements of work are complete, as outlined in the Systems\n       Development Life Cycle (SDLC).\n\n   \xe2\x80\xa2 \t Monitors and provides reviews for enterprise (information, data, systems, and \n\n       technology) within the SDLC, CPIC, and acquisition processes. \n\n\n   \xe2\x80\xa2 \t Ensures enterprise architecture products are identified, tracked, monitored, documented,\n       reported, and audited.\n\n   \xe2\x80\xa2 \t Manages and provides enterprise architecture repository maintenance, oversight, training,\n       and version control.\n\n   \xe2\x80\xa2 \t Ensures enterprise architecture products and supporting processes are prepared to undergo\n       an independent verification and validation.\n\n   \xe2\x80\xa2 \t Applies metrics for measuring enterprise architecture progress, quality, compliance, in\n       order to calculate the return on investment.\n\nD. \t Regulatory Information Management Services\n\nRegulatory and Information Management Services (RIMS) provides leadership, oversight, and\ncoordination to ensure Departmental compliance with government initiatives regarding the\nacquisition, release and maintenance of information. In particular, this relates to the following\nactivities within the Department of Education:\n\n   \xe2\x80\xa2\t   Freedom ofInformation Act (FOIA);\n   \xe2\x80\xa2\t   Privacy Act;\n   \xe2\x80\xa2\t   Records Retention and Management;\n   \xe2\x80\xa2\t   Information Collection;\n   \xe2\x80\xa2\t   Government Paperwork Elimination Act (GPEA); and\n   \xe2\x80\xa2\t   Information Quality Guidelines (lQG).\n\nRIMS is responsible for providing policies, standards, and procedures that ensure ED complies\nwith governmental information management requirements in the above areas. In addition, RIMS\nprovides instruction to assure that customers are educated and supported in the performance of\nthese efforts.\n\nThe office is headed by a Director who reports to the Chief Information Officer. RIMS includes\ntwo teams:\n\n    \xe2\x80\xa2 \t Information Policy and Standards Team; and\n    \xe2\x80\xa2 \t Information Management Case Services Team.\n\n\n\n\nOCIO - Page 8 \t                                                     PROPOSED: 7/07/04\n\x0c                   OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\n   The office of the Director includes a Special Assistant for Appeals Services who is\n   responsible for the oversight, coordination and disposition of all agency appeals regarding the\n   Freedom ofInformation Act (FOIA) and the Department\'s IQGs.\n\nInformation Policy and Standards Team\n\nThe Information Policy and Standards Team is responsible for developing and implementing\nstrategies and programs designed to enhance the Department\'s responsiveness to government\ninformation management requirements regarding the acquisition, release and maintenance of\ninformation.\n\nIn performing its responsibilities, the Information Policy and Standards Team:\n\n   \xe2\x80\xa2 \t Promotes the effective and efficient design and operation of major ED information\n       resource management processes; and, as appropriate, examines and recommends\n       improvements to agency business processes.\n\n   \xe2\x80\xa2 \t Supports the policies and procedures of management, analysis and protection of federal,\n       state, and local data collected and disseminated by the Department.\n\n   \xe2\x80\xa2 \t Articulates standards for the Department\'s IQG\'s, and provides guidance and technical\n       assistance to program offices on quality, dissemination, privacy, and security issues.\n\n    \xe2\x80\xa2 \t Issues directives and handbooks to support and enhance the performance of agency\n        responsiveness to information management initiatives.\n\n    \xe2\x80\xa2 \t Provides instruction designed to help agency personnel better coordinate intra- and inter\xc2\xad\n        agency efforts regarding the acquisition, release and maintenance of information.\n\n    \xe2\x80\xa2 \t Supports agency information to improve the productivity, efficiency, and effectiveness of\n        federal programs including information dissemination initiatives and efforts to reduce\n        information collection burdens.\n\n    \xe2\x80\xa2 \t Champions e-records management and works to ensure that enterprise-wide e-records\n        policies are adopted.\n\n    \xe2\x80\xa2 \t Works with client offices to plan for and coordinate enterprise-wide information access,\n        data collection and records management activities.\n\n    \xe2\x80\xa2 \t Manages the implementation of the Government Paperwork Elimination Act (GPEA)\n        across the agency.\n\n    \xe2\x80\xa2 \t Provides leadership and coordination in the resolution of sensitive and high-risk \n\n        information management cases. \n\n\n\n\n\nOCIO - Page 9 \t                                                     PROPOSED: 7/07/04\n\x0c                   OFFICE OF THE CHIEF INFORMATION OFFICER \n\n\nInformation Management Case Services Team\n\nThe Information Management Case Services Team is responsible for the comprehensive\noperation of the agency case management system that responds to FOIA and Privacy Act\nrequests. The Team also is responsible for supporting ED information collection, records\nretention and management, and GPRA activities.\n\nIn performing its responsibilities, the Team:\n\n   \xe2\x80\xa2 \t Oversees agency compliance with FOIA, Privacy Act and Departmental records retention\n       and management policies.\n\n   \xe2\x80\xa2 \t Ensures the successful handling of all requests regarding FOIA and the Privacy Act\n       received by the Department. The team also is responsible for furnishing reliable,\n       accurate, and timely information on FOIA and the Privacy Act in compliance with\n       relevant laws, statutes, regulations and directives.\n\n    \xe2\x80\xa2 \t Administers the agency\'s information collection activities, overseeing the Department\'s\n        collection and reporting prpcesses under the Paperwork Reduction Act and preparing the\n        annual Information Collection Budget for transmittal to OMB.\n\n    \xe2\x80\xa2 \t Supports Department systems and databases associated with information collections,\n        FOIA, Privacy, and records retention and management.\n\n    \xe2\x80\xa2 \t Oversees and monitors the administration of contracts to support operation and \n\n        maintenance of systems and databases relating to the mission of RIMS. \n\n\nE. \t Information Assurance Services\n\nInformation Assurance Services oversees the Department\'s IT security program and\nimplementation of the Federal Information Security Management Act. The Director of\nInformation Services reports directly to the Chief Information Officer.\n\nIn performing its responsibilities, the Information Assurance Team:\n\n         \xe2\x80\xa2 \t Directs the Department\'s enterprise-wide information assurance activities,\n             developing policies and guidance to prevent and defend against unauthorized access\n             to networks, system, and data directly or indirectly related to the Department\'s\n             activities.\n\n         \xe2\x80\xa2 \t Provides agency-wide leadership in maintaining and improving the accuracy,\n             confidentiality and integrity of data maintained in the Department\'s information\n             systems, including ongoing support of the agency\'s Data Integrity Board and data\n             matching/exchange agreements with other agencies.\n\n\n\n\nOCIO - Page 10 \t                                                      PROPOSED: 7/07/04\n\x0c-, \n\n\n                        OFFICE OF THE CHIEF INFORMATION OFFICER\n\n             \xe2\x80\xa2    Coordinates agency-wide IT security incident reporting and emergency response\n                  activities and serves as the Department liaison with the Office of General Counsel,\n                  Fed CIRC, the FBI, and other external law enforcement agencies concerning IT\n                  security incident reporting and follow-up activities.\n\n             \xe2\x80\xa2    Implements and coordinates activities regarding the agency\'s Critical Infrastructure\n                  Protection (CIP) focusing on protecting mission essential infrastructure, promoting\n                  best practices in infrastructure management, and developing and promulgating\n                  policies to implement requirements of Presidential Direction (PDD) 63.\n\n             \xe2\x80\xa2    Enforces Federal ADP Security standards, including review and evaluation\n                  activities prescribed by OMB Circulars A-123 and A-130.\n\n             \xe2\x80\xa2    Coordinates agency-wide policies regarding authentication and message encryption\n                  techniques inclusive of digital signatures and PKI technology.\n\n             \xe2\x80\xa2    Conducts annual Department-wide security audit reviews mandated by the\n                  Government Information Security Reform Act (GISRA) and periodically assists the\n                  agency\'s OIG with the conduct and resolution of Department IT security program\n                  and system audits.\n\n             \xe2\x80\xa2    Manages the operation of the agency\'s Information and Critical Infrastructure\n                  Assurance Steering Committee.\n\n             \xe2\x80\xa2    Develops and maintains a comprehensive and effective disaster recovery planning\n                  program that ensures continuity of operations for essential Departmental systems in\n                  the event of an emergency or other disruption to normal operations.\n\n             \xe2\x80\xa2    Develops corrective action plans to address weaknesses disclosed by GISRA\n                  reviews, IG audits, and Federal Managers Financial Management Integrity Act\n                  (FMFESIA) annual certifications related to IT security matters.\n\n              \xe2\x80\xa2   Defines IT security curricula and provides specialized security training for agency\'s\n                  technical staff and general security awareness/orientation training required of all\n                  Departmental employees.\n\n\n\n\n       OCIO - Page 11                                                     PROPOSED: 7/07/04\n\x0c'